Re: unprivileged mounts git tree

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Eric W. Biederman

Subject: Re: unprivileged mounts git tree

Date: Thursday, September 11, 2008 - 11:54 am

"Serge E. Hallyn" <serue@us.ibm.com> writes:

quoted text> Quoting Miklos Szeredi (miklos@szeredi.hu):
>> On Thu, 11 Sep 2008, ebiederm@xmission.com (Eric W. Biederman)
>> > There is a weird corner case I'm trying to wrap my head around.
>> > unlink and rmdir do not work on dentries that are mount points
>> > in another mount namespace.
>> > 
>> > Which is at least needed for the moment so we don't leak mounts.
>> > 
>> > Once we have unprivileged mounts does that introduce a DOS attack?
>> 
>> Hmm, yes.  That's a tough one...
>> 
>> I think if the dentry has only user mounts, unlink should go ahead and
>> on success dissolve any mounts on the dentry.  Does that sound
>> workable?
>> 
>> Thanks,
>> Miklos
>
> Is it really a problem?  The admin can always go ahead and kill the
> user, which already takes care of any mounts in private namespaces,
> which I think is Eric's primary concern.  IT also takes care of that
> user's processes pinning files under the mounts.  So now the admin can
> umount all the user's mounts in the init namespace (using a script
> parsing /proc/self/mountinfo if need be), and delete the files.
>
> Doesn't really seem like a problem.
>
> Or am I missing Eric's real concern?

Assume /user is the base unprivileged mount point.

echo dummy > /tmp/1234
mount --bind /etc /user/etc
mount --bind /tmp/1234 /user/etc/passwd

Now you can't create /etc/passwd.new and rename it to /etc/passwd.
Stopping adduser from working.

As Miklos said this can apply to any file or any directory, so it can
be a DOS against any other user on the system.

It is also contrary to classic unix and linux semantics as open files
don't otherwise prevent unlink, rename or, rmdir from happening. So
applications are not going to be ready for it.

At a practical level I recently replace chroot with mount namespaces
to simplify handling of mounts and ouch!  When a process goes crazy
and doesn't exit when you expect and then you try and delete the
directory it is a pain.

Eric

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

unprivileged mounts git tree, Miklos Szeredi, (Wed May 7, 5:05 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Aug 7, 3:27 pm)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Aug 7, 5:07 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Aug 7, 5:25 pm)

Re: unprivileged mounts git tree, Miklos Szeredi, (Mon Aug 25, 4:01 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Aug 27, 8:36 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Wed Aug 27, 8:55 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Aug 27, 11:46 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Wed Sep 3, 11:45 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Sep 3, 2:54 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Sep 3, 3:02 pm)

Re: unprivileged mounts git tree, Miklos Szeredi, (Wed Sep 3, 3:25 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Sep 3, 3:43 pm)

Re: unprivileged mounts git tree, Miklos Szeredi, (Wed Sep 3, 11:42 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 6:28 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 7:06 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 8:40 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 9:17 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 10:42 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 10:48 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 11:03 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 11:49 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 3:26 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 4:32 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Fri Sep 5, 8:31 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Tue Sep 9, 6:34 am)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Sep 11, 3:37 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 11, 7:43 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 11, 8:20 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 11, 8:44 am)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Sep 11, 11:54 am)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Sep 11, 12:04 pm)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Sep 11, 12:58 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Fri Sep 12, 3:08 pm)

Re: unprivileged mounts git tree, Eric W. Biederman, (Fri Sep 12, 8:12 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Sat Sep 13, 6:56 pm)

Re: unprivileged mounts git tree, Eric W. Biederman, (Sat Sep 13, 8:06 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Tue Sep 30, 12:39 pm)

Re: unprivileged mounts git tree, Miklos Szeredi, (Mon Oct 6, 4:05 am)

Navigation

Popular discussions


linux-kernel:
Christoph Lameter	[PATCH 1/2] Make page->private usable in compound pages V1
Luben Tuikov	Re: Integration of SCST in the mainstream Linux kernel
Alexey Dobriyan	Re: [2.6.22.2 review 09/84] Fix rfkill IRQ flags.
Michal Nazarewicz	Re: [PATCH] USB: Gadget: g_multi: added INF file for gadget with multiple configur...
Jesse Barnes	Re: PCI probing changes
git:
Jakub Narebski	Re: GSoC 2008 - Mentors Wanted!
Jan Harkes	Re: git-svn and huge data and modifying the git-svn-HEAD branch directly
Andy Parkins	git-fetch fails with error code 128
Marcus Griep	Re: [PATCH 1/3] Git.pm: Add faculties to allow temp files to be cached
Junio C Hamano	Re: [JGIT PATCH 2/2] Decrease the fetch pack client buffer to the lower minimum
git-commits-head:
Linux Kernel Mailing List	ARM: 5970/1: nomadik-gpio: fix spinlock usage
Linux Kernel Mailing List	sh-sci: update receive error handling for muxed irqs
Linux Kernel Mailing List	No need to do lock_super() for exclusion in generic_shutdown_super()
Linux Kernel Mailing List	x86, msr: Export the register-setting MSR functions via /dev/*/msr
Linux Kernel Mailing List	Input: gpio-keys - add support for disabling gpios through sysfs
linux-netdev:
Eric Dumazet	[PATCH] net: ALIGN/PTR_ALIGN cleanup in alloc_netdev_mq()/netdev_priv()
Patrick McHardy	[NET_SCHED]: sch_ingress: remove netfilter support
Rose, Gregory V	RE: __bad_udelay in network driver breaks build
Patrick McHardy	Re: no reassembly for outgoing packets on RAW socket
Frans Pop	svc: failed to register lockdv1 RPC service (errno 97).
openbsd-misc:
ropers	Re: Real men don't attack straw men
elitdostlar	Seks partneri arayan bayanlar bu adreste - 8878xs706x6438
Marcus Andree	Re: This is what Linus Torvalds calls openBSD crowd
Lars D. Noodén	Re: sshd.config and AllowUsers
Henning Brauer	Re: Sun Blade 1000?

Colocation donated by:

Syndicate